[4302] in bugtraq
[NTSEC] ALERT - NT security flaw announcement
daemon@ATHENA.MIT.EDU (Aleph One)
Fri Apr 18 18:54:29 1997
Date: Fri, 18 Apr 1997 17:27:41 -0500
Reply-To: MWC Security Team <Security@box.omna.com>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
April 18, 1997
Announcement
MWC, Inc.- NTsecurity.com would like to inform Internet Community that
MWC, Inc. has discovered a security flaw ("RedButton Bug") in Microsoft
Windows NT v 3.5x, 4.0. The
security problem affects the majority of NT based networks.
The "RedButton Bug" enables a remote user to get unauthorized access to
a part of the NT system including registry and file system. The "RedButton"
utility, which is available for download at
http://www.NTsecurity.com/RedButton/ demonstrates the possibility of such
an access:
* It logs on remotely on a Target computer without presenting any User
Name and Password
* gains access to some of the resources available to Everyone
* determines the current name of Built-in Administrator account (thus
demonstrating that it is useless to rename it)
* reads several registry entries (i.e. displays the name of a Registered
Owner)
* lists all shares (including the hidden ones)
Microsoft has already been notified about this flaw.
MWC, Inc - NTsecurity.com
Network Security Team
